General
- Target: 4b160b1fa8f422e7618c6c2fe3898cdf9e20379df15800c1f838a83f0469b012
- Size: 448KB
- Sample: 220521-plwd8aagbq
- MD5: 17e1e57de133bdf04ce261d676764d80
- SHA1: 04352210fa598778c6fa543043fa8d48d4cadc98
- SHA256: 4b160b1fa8f422e7618c6c2fe3898cdf9e20379df15800c1f838a83f0469b012
- SHA512: dc12dca8cc93c200d8c5589300e5ebf4287dae19a048246b1bd147c61cd23590762d0ba599bb875d00307d70cd14108e31663be9ec1e3914daec9cd9e11b2daa
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Product_vershold_offersheet__sample_v1.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: Product_vershold_offersheet__sample_v1.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.almushrefcoop.com
- Port: 587
- Username: zainab@almushrefcoop.com
- Password: zainab123
Targets
- Target: Product_vershold_offersheet__sample_v1.exe
- Size: 622KB
- MD5: 5b4672f9b54a613f44df770c8a191cb7
- SHA1: 02702effbd4d1860aab85280a6515908cd14e759
- SHA256: 6a91ee06aa043203369fabb320b0efdc3dcee2ccd476db6da5ecc6cf473dbba2
- SHA512: 0c02ed2081bd6652a8764826a9bd82c6de168b877709f4fcc4463ad1665fd82cfe51aa06e16bdfb05e3f2655f1481a43acd4dc6e7fae25059eb2f5f9e77f6255
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext